/*
 * Copyright (c) JForum Team
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, 
 * with or without modification, are permitted provided 
 * that the following conditions are met:
 * 
 * 1) Redistributions of source code must retain the above 
 * copyright notice, this list of conditions and the 
 * following  disclaimer.
 * 2)  Redistributions in binary form must reproduce the 
 * above copyright notice, this list of conditions and 
 * the following disclaimer in the documentation and/or 
 * other materials provided with the distribution.
 * 3) Neither the name of "Rafael Steil" nor 
 * the names of its contributors may be used to endorse 
 * or promote products derived from this software without 
 * specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT 
 * HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, 
 * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 
 * THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE 
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, 
 * OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 
 * IN CONTRACT, STRICT LIABILITY, OR TORT 
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 
 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE
 * 
 * This file creation date: 21/09/2003 / 16:36:44
 * The JForum Project
 * http://www.jforum.net
 */
package net.jforum.security;

import java.io.File;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;

import net.jforum.JForumExecutionContext;
import net.jforum.exceptions.DatabaseException;
import net.jforum.exceptions.ForumException;
import net.jforum.util.DbUtils;
import net.jforum.util.FormSelectedData;
import net.jforum.util.I18n;
import net.jforum.util.preferences.SystemGlobals;

import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;

/**
 * Manipulates XML permission control file definition
 * 
 * @author Rafael Steil
 * @version $Id: XMLPermissionControl.java,v 1.18 2007/09/21 03:47:41
 *          rafaelsteil Exp $
 */
public class XMLPermissionControl extends DefaultHandler {
    private PermissionSection section;
    private PermissionControl pc;
    private List listSections;
    private List permissionData;
    private Map queries;
    private String permissionName;
    private String permissionId;
    private String permissionType;

    private boolean alreadySelected;

    private static class SelectData {
	private int id;
	private String name;

	public SelectData(int id, String name) {
	    this.id = id;
	    this.name = name;
	}

	public int getId() {
	    return this.id;
	}

	public String getName() {
	    return this.name;
	}
    }

    public XMLPermissionControl(PermissionControl pc) {
	this.listSections = new ArrayList();
	this.permissionData = new ArrayList();
	this.queries = new HashMap();
	this.pc = pc;
    }

    /**
     * @return <code>List</code> object containing <code>Section</code> objects.
     *         Each <code>Section</code> contains many
     *         <code>PermissionItem</code> objects, which represent the
     *         permission elements of some section. For its turn, the
     *         <code>PermissionItem</code> objects have many
     *         <code>FormSelectedData</code> objects, which are the ones
     *         responsible to store field values, and which values are checked
     *         and which not.
     * @param xmlFile
     *            String
     */
    public List loadConfigurations(String xmlFile) {
	try {
	    SAXParserFactory factory = SAXParserFactory.newInstance();
	    factory.setValidating(false);

	    SAXParser parser = factory.newSAXParser();
	    File fileInput = new File(xmlFile);

	    if (fileInput.exists()) {
		parser.parse(fileInput, this);
	    } else {
		InputSource inputSource = new InputSource(xmlFile);
		parser.parse(inputSource, this);
	    }

	    return this.listSections;
	} catch (Exception e) {
	    throw new ForumException(e);
	}
    }

    /**
     * @see org.xml.sax.ContentHandler#endElement(String, String, String)
     */
    public void endElement(String namespaceURI, String localName, String tag)
	    throws SAXException {
	if (tag.equals("section")) {
	    this.listSections.add(this.section);
	} else if (tag.equals("permission")) {
	    this.section
		    .addPermission(new PermissionItem(this.permissionName,
			    this.permissionId, this.permissionType,
			    this.permissionData));

	    this.permissionData = new ArrayList();
	}
    }

    /**
     * @see org.xml.sax.ErrorHandler#error(SAXParseException)
     */
    public void error(SAXParseException exception) throws SAXException {
	throw exception;
    }

    /**
     * @see org.xml.sax.ContentHandler#startElement(String, String, String,
     *      Attributes)
     */
    public void startElement(String namespaceURI, String localName, String tag,
	    Attributes atts) throws SAXException {
	if (tag.equals("section")) {
	    String title = I18n.getMessage(atts.getValue("title"));
	    this.section = new PermissionSection(title, atts.getValue("id"));
	} else if (tag.equals("permission")) {
	    String title = I18n.getMessage(atts.getValue("title"));

	    this.permissionName = title;
	    this.permissionId = atts.getValue("id");
	    this.permissionType = atts.getValue("type");
	    this.alreadySelected = false;
	} else if (tag.equals("sql")) {
	    String refName = atts.getValue("refName");

	    // If refName is present, then we have a template query
	    if (refName != null) {
		ResultSet rs = null;
		PreparedStatement p = null;

		try {
		    p = JForumExecutionContext.getConnection()
			    .prepareStatement(
				    SystemGlobals.getSql(atts
					    .getValue("queryName")));
		    rs = p.executeQuery();

		    String valueField = atts.getValue("valueField");
		    String captionField = atts.getValue("captionField");

		    List l = new ArrayList();

		    while (rs.next()) {
			l.add(new SelectData(rs.getInt(valueField), rs
				.getString(captionField)));
		    }

		    this.queries.put(refName, l);
		} catch (Exception e) {
		    throw new DatabaseException(e);
		} finally {
		    DbUtils.close(rs, p);
		}
	    } else {
		// If it gets here, then it should be a <sql ref="xxxx"> section
		RoleValueCollection roleValues = new RoleValueCollection();
		Role role = this.pc.getRole(this.permissionId);

		if (role != null) {
		    roleValues = role.getValues();
		}

		List l = (List) this.queries.get(atts.getValue("ref"));

		for (Iterator iter = l.iterator(); iter.hasNext();) {
		    SelectData data = (SelectData) iter.next();

		    String id = Integer.toString(data.getId());
		    RoleValue rv = roleValues.get(id);

		    this.permissionData.add(new FormSelectedData(
			    data.getName(), id, rv == null));
		}
	    }
	} else if (tag.equals("option")) {
	    boolean selected = false;

	    if (this.permissionType.equals("single")) {
		if (this.pc.canAccess(this.permissionId)
			&& atts.getValue("value").equals("allow")
			&& !this.alreadySelected) {
		    selected = true;
		    this.alreadySelected = true;
		}
	    } else {
		throw new UnsupportedOperationException(
			"'option' tag with 'multiple' attribute support not yet implemented");
	    }

	    this.permissionData
		    .add(new FormSelectedData(I18n.getMessage(atts
			    .getValue("description")), atts.getValue("value"),
			    selected));
	}
    }
}